Package: pure-ftpd
Version: 1.0.36-2
Severity: important
Tags: patch
User: hardening-disc...@lists.alioth.debian.org
Usertags: goal-hardening

Hello,

Hardened build features used through dpkg-buildflags are all used in the upstream build system (plus bindnow and pie). However, the FORTIFY_SOURCE CPPFLAGS is not applied because gcc optimizations are not used, see dpkg-buildflags(1) for more information.

Adding -O2 to CFLAGS in debian/rules seems to be sufficient to enable fortify_source.

Please also note that blhc reports false positives against build flags because upstream flags are not equal to Debian choices:

* CFLAGS
  + upstream: -fno-strict-aliasing -fno-strict-overflow -fstack-protector-all
  + dpkg-buildflags: -fstack-protector-strong -Wformat -Werror=format-security
* LDFLAGS
  + upstream: -z relro -z now
  + dpkg-buildflags: -Wl,-z,relro -Wl,-z,now
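
The two points in the report, as an added example (not code from blhc, pure-ftpd or the reporter): a build-log check that accepts the upstream flag spellings as equivalent to the dpkg-buildflags ones, and reports fortify as inactive unless an optimization level is in effect. The function names and both command lines are constructed for illustration.

```python
import shlex

# Either flag satisfies the stack-protector goal; -all covers every function.
STACK_PROTECTOR = {"-fstack-protector-strong", "-fstack-protector-all"}

def linker_keywords(tokens):
    """Collect linker -z keywords given as '-z kw' or '-Wl,-z,kw'."""
    found = set()
    for i, tok in enumerate(tokens):
        if tok == "-z" and i + 1 < len(tokens):
            found.add(tokens[i + 1])
        elif tok.startswith("-Wl,"):
            parts = tok.split(",")[1:]
            for j, part in enumerate(parts):
                if part == "-z" and j + 1 < len(parts):
                    found.add(parts[j + 1])
    return found

def fortify_effective(tokens):
    """_FORTIFY_SOURCE needs optimization; the last -O option wins."""
    level, opt = 0, "-O0"          # gcc defaults to -O0 when no -O is given
    for tok in tokens:
        if tok.startswith("-D_FORTIFY_SOURCE="):
            level = int(tok.split("=", 1)[1])
        elif tok == "-U_FORTIFY_SOURCE":
            level = 0
        elif tok.startswith("-O"):
            opt = tok
    return level >= 1 and opt != "-O0"

def audit(command):
    """Return which hardening goals one compile/link command line meets."""
    tokens = shlex.split(command)
    zkw = linker_keywords(tokens)
    return {
        "stack-protector": bool(STACK_PROTECTOR & set(tokens)),
        "relro": "relro" in zkw,
        "bindnow": "now" in zkw,
        "fortify": fortify_effective(tokens),
    }

# Constructed command lines: upstream-style flags without -O2, then Debian-style.
BEFORE = ("gcc -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -fno-strict-overflow "
          "-fstack-protector-all -z relro -z now -o demo demo.c")
AFTER = ("gcc -D_FORTIFY_SOURCE=2 -O2 -fstack-protector-strong -Wformat "
         "-Werror=format-security -Wl,-z,relro -Wl,-z,now -o demo demo.c")

if __name__ == "__main__":
    for name, cmd in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cmd))
```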